Hello Everyone,
Background:
- I have used syncthing for around a year on many of my devices.
- I am returning to windows and wanted to install the base syncthing; this is where i ran into an issue verifying the downloaded binary.
- I couldn’t find a similar question on the forum other then this one, but the solution points to the security page which is a broken link. That solution also seems to use gpg and I rather use the stsigntool if that is a possibility.
What i did:
- read the release signing page
- Download v1.27.1 base for windows (amd64)
- Extract files; open terminal in the new extracted folder
- I previously installed go and the stsigntool from syncthing’s github repository
- ran this command:
which returnedstsigntool verify ./metadata/release.sig ./syncthing.exe
Note there is noincorrect signature
syncthing.exe.sig
file like the release signing page suggests.I downloaded and ran the above commands on a mac; i plan to verify on mac and then move the binary to my windows laptop.
I am looking for help on what I missed:
- Did i understand the signing page correctly?
- Where is the syncthing.exe.sig file?